- Practical HTTP Host Header Attacks — lots of cleverness, like: “So, to persuade a cache to serve our poisoned response to someone else we need to create a disconnect between the Host header the cache sees, and the Host header the application sees. In the case of the popular caching solution Varnish, this can be achieved using duplicate Host headers. Varnish uses the first Host header it sees to identify the request, but Apache concatenates all Host headers present and Nginx uses the last Host header.”
- Madeye — collaborative code editing inside a Google Hangout. (via Andy Baio)
- Too Momentous for the Medium — Whatever you now find weird, ugly, uncomfortable and nasty about a new medium will surely become its signature. CD distortion, the jitteriness of digital video, the crap sound of 8-bit – all of these will be cherished and emulated as soon as they can be avoided. It’s the sound of failure: so much modern art is the sound of things going out of control, of a medium pushing to its limits and breaking apart. The distorted guitar sound is the sound of something too loud for the medium supposed to carry it. The blues singer with the cracked voice is the sound of an emotional cry too powerful for the throat that releases it. The excitement of grainy film, of bleached-out black and white, is the excitement of witnessing events too momentous for the medium assigned to record them. (Brian Eno’s words)
- Where the Happy Talk about Corporate Culture is All Wrong (NY Times) — I think there are two types of happiness in a work culture: Human Resources Happy and High Performance Happy. Fast-growth success has everything to do with the latter and nothing to do with the former. Lazy false opposition, and he describes an asshole-rich workplace that would only please a proctologist. (via Sara Winge)
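An added example (mine, not code from the Host Header Attacks post above): it models the disconnect that item describes, applying each server's Host selection rule as the post states it, and then the check a front end can use to refuse such requests. The hostnames are constructed, and the “, ” separator used for Apache's concatenation is an assumption.

```python
from __future__ import annotations
from typing import Optional

def parse_headers(raw: bytes) -> list[tuple[str, str]]:
    """Split a raw HTTP/1.1 request head into (name, value) pairs, order kept."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")[1:]  # drop the request line
    pairs = []
    for line in lines:
        if not line:
            continue
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def host_as_seen_by(server: str, headers: list[tuple[str, str]]) -> str:
    """Which Host value each component acts on (rules as stated in the post)."""
    hosts = [v for n, v in headers if n == "host"]
    if server == "varnish":   # first Host header wins
        return hosts[0]
    if server == "nginx":     # last Host header wins
        return hosts[-1]
    if server == "apache":    # all Host headers concatenated (", " is assumed)
        return ", ".join(hosts)
    raise ValueError(f"unknown server model: {server}")

def validate_host(headers: list[tuple[str, str]]) -> Optional[str]:
    """Defender's check: RFC 7230 section 5.4 requires a 400 response to any
    HTTP/1.1 request with no Host header or more than one. Returns the
    rejection reason, or None when the request is acceptable."""
    hosts = [v for n, v in headers if n == "host"]
    if len(hosts) != 1:
        return f"400 Bad Request: {len(hosts)} Host headers"
    return None

# Constructed sample: one request carrying two Host headers (hostnames are made up).
SAMPLE = (
    b"GET /reset-password HTTP/1.1\r\n"
    b"Host: cache.example.com\r\n"
    b"Host: other.example.net\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    hdrs = parse_headers(SAMPLE)
    for server in ("varnish", "apache", "nginx"):
        print(server, "->", host_as_seen_by(server, hdrs))
    print(validate_host(hdrs))
```

Rejecting the request at the cache (or any front end) removes the disagreement before the origin ever sees it.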
ENTRIES TAGGED "http"
Know Your HTTP, Digital Exploitation, Insecure Webcams, and CS Courses
- Know Your HTTP Posters (GitHub) — A0-posters about the HTTP protocol.
- Crowdserfing — when a large corp uses crowd-sourced volunteering for its own financial gain, without giving back. It offends my sense of reciprocity as well, but nobody is coerced into using Google Maps or contributing data to it. How do we decide what is “right”?
- Exposed Webcam Viewer — hotels in Russia, lobbies in California, and blinking lights in the darkness from all around the world. (via Hacker News)
- Beauty and Joy of Computing — an introductory computer science curriculum developed at the University of California, Berkeley, intended for non-CS majors at the high school junior through undergraduate freshman level. Uses Snap, a web-based implementation of Scratch.
Buffett Lessons, Crypto Startup, HTTP 451, and Fixing Academic Publishing
- Warren Buffett Lessons — nice anthology of quotes, reordered into almost a narrative on different topics. (via Rowan Simpson)
- Silent Circle — Phil Zimmermann’s new startup, encrypting phone calls for iPhone and Android for $20/month. “I’m not going to apologize for the cost,” Zimmermann told CNET, adding that the final price has not been set. “This is not Facebook. Our customers are customers. They’re not products. They’re not part of the inventory.” (via CNET)
- New HTTP Code for “Legally Restricted” — it’s status code 451.
- PeerJ — changing the business model for academic publishing: instead of charging you each time you publish, we ask for a single one off payment, giving you the lifetime right to publish articles with us, and to make those articles freely available. Lifetime plans start at just $99. O’Reilly a happy investor.
Touch-Typing Instruction, HTTP Header Attacks, Sorting Ratings, and Risks of Inspecting Applicants' Facebook Pages
- Typing Club — lessons to improve your touch-typing, building you up letter by letter to speed and mastery. Like how I learned, only without the typewriters and the bibs and the roomful of girls. It wasn’t easy being the only boy in typing class, but somehow I managed. (via EdTech ideas)
- SQL Injection via HTTP Headers — excellent introduction to how some surprising HTTP headers can be attack vectors.
- How Not to Sort by Average Rating (Evan Miller) — so easy to get it wrong, so eye-wateringly complex a formula to do it right. (via Hacker News)
- I Hereby Resign (Reg Braithwaite) — not an actual resignation letter, but it highlights exactly why asking to see applicants’ Facebook pages is a bad idea. “If you are surfing my Facebook, you could reasonably be expected to discover that I am a Lesbian. Since discrimination against me on this basis is illegal in Ontario, I am just preparing myself for the possibility that you might refuse to hire me and instead hire someone who is a heterosexual but less qualified in any way. Likewise, if you do hire me, I might need to have your employment contracts disclosed to ensure you aren’t paying me less than any male and/or heterosexual colleagues with equivalent responsibilities and experience.” Ditto “spouse is pregnant so I’m about to take maternity leave just after you hire me”, etc. Those things you spend days thumping into HR that they aren’t supposed to ask about? All on the applicants’ Facebook pages.
REST Interfaces, Browser History, Crappy Textbooks, and Wireless Babies
- Designing RESTful Interfaces (Slideshare) — extremely good presentation on how to build HTTP APIs.
- Manipulating History for Fun and Profit — if you want to make websites that are AJAX-responsive but without breaking the back button or preventing links, read this.
- Why Textbooks Are So Broken (Salon) — Let’s say a publisher hires a developer for a certain low-bid fee to produce seven supplemental math books for grades 3-8. The product specs call for each student book and teacher guide to have page counts of roughly 100 pages and 80 pages, respectively. The publisher wants these seven books ready for press in five weeks—over 1,400 pages. To put this in perspective, in the not too recent past at least six months would be allotted for a project of this size. But publishers customarily shrink their deadlines to get a jump on the competition, especially in today’s math market. Unreasonable turnaround times are part of the new normal, something that almost guarantees a lack of quality right out of the gate.
- exmobaby — wireless biosensor baby pyjamas send ECG, skin temperature, and movement data via Zigbee. (via Jo Komisarczuk)
Analytics in Excel, HTTP Debugger, Analytics for Personalized Healthcare, and EFF To The Rescue
- Excel Cloud Data Analytics (Microsoft Research) — clever: a cloud analytics backend with Excel as the frontend. Almost every business and finance person I’ve known has been way more comfortable with Excel than any other tool. (via Dr Data)
- HTTP Client — Mac OS X app for inspecting and automating a lot of HTTP. Cf. the lovely Charles proxy for debugging. (via Nelson Minar)
- The Creative Destruction of Medicine — using big data, gadgets, and sweet tech in general to personalize and improve healthcare. (via New York Times)
- EFF Wins Protection of Time Zone Database (EFF) — I posted about the silliness before (the maintainers of the only comprehensive database of time zones were being threatened by astrologers). The EFF stepped in, beat back the buffoons, and now we’re back to being responsible when we screw up timezones for phone calls.
Newton's Notebooks, Creative Commons, Node HTTP, and Data Business
- Newton’s Notebooks Digitised — wonderful for historians, professional and amateur. I love (a) his handwriting; (b) the pages full of long division that remind us what an amazing time-saver the calculator and then the computer was; (c) the use of “yn” for “then” (the y is actually a thorn, pronounced “th”, and it’s from this that we get “ye”, actually pronounced “the”). All that and chromatic separation of light, the inverse square law, and alchemical mysteries.
- Creative Commons Kicks Off 4.0 Round — public discussion process around issues that will lead to a new version of the CC licenses.
- Holding Back the Age of Data (Redmonk) — Absent a market with well understood licensing and distribution mechanisms, each data negotiation – whether the subject is attribution, exclusivity, license, price or all of the above – is a one off. Very good essay on the evolution of a mature software industry into an immature data industry.
Cooked Brands, HTML Bootstrap, Browser Security Headers, and Swarming Robots
- Cities in Fact and Fiction: An Interview with William Gibson (Scientific American) — Paris, as much as I love Paris, feels to me as though it’s long since been “cooked.” Its brand consists of what it is, and that can be embellished but not changed. A lack of availability of inexpensive shop-rentals is one very easily read warning sign of overcooking. I wish Manhattan condo towers could be required to have street frontage consisting of capsule micro-shops. The affordable retail slots would guarantee the rich folks upstairs interesting things to buy, interesting services, interesting food and drink, and constant market-driven turnover of same, while keeping the streetscape vital and allowing the city to do so many of the things cities do best. London, after the Olympic redo, will have fewer affordable retail slots, I imagine. (via Keith Bolland)
- Bootstrap — HTML toolkit from Twitter, includes base CSS and HTML for typography, forms, buttons, tables, grids, navigation, and more. Open sourced (Apache v2 license).
- Extra Headers for Browser Security — I hadn’t realized there were all these new headers to avoid XSS and other attacks. Can you recommend a good introduction to these new headers? (via Nelson Minar)
- Swarmanoid — award-winning robotics demo of heterogeneous, dynamically connected, small autonomous robots that provide services to each other to accomplish a larger goal. (via Mike Yalden)
Android Peripherals, Security Asymmetry, Teaching on G+, and HTTP Load Testing
- DSLR Controller — Android app that lets you remote-control your DSLR. Much being made of the fact that iOS devices aren’t as easy to interface with. For more, see the Wired article. (via BoingBoing)
- Asymmetric Security Warfare — I found this nugget buried in this photo shoot talking about the differences between Black Hat and DEFCON conferences: [Mudge, Peiter] Zatko found that it takes about 125 lines of code to create the typical piece of malware and it takes about 10 million lines of code to create sophisticated technologies to protect against it.
- Teaching Cooking in Google+ Hangouts (KQED) — I love the many uses of hangouts. To my mind, they remain the unique value-add for G+.
- HTTP Benchmarking Rules — Mark Nottingham lays down some guidelines for meaningful and effective benchmarking of HTTP services. Full of subtleties and wile: [P]retty much every server loses some capacity once you throw more work at it than it can handle. A better way to get an idea of capacity is to test your server at progressively higher loads, until it reaches capacity and then backs off; you should be able to graph it as a curve that peaks and then backs off. How much it backs off will indicate how well your server deals with overload.